UsermodeDebugMonitor

The application is currently designed to protect itself from debugging using TLS Callbacks. The main application logic would be able to continue after that. The code is a mess but in further iterations the code will take a more modular approach. A separate library which can be introduced into new projects either at runtime or compile time will be developed.

References

• https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=230d68b2-c80f-4436-9c09-ff84d049da33&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments
• https://github.com/processhacker/processhacker
• https://www.blackhat.com/docs/asia-14/materials/Li/Asia-14-Li-Comprehensive-Virtual-Appliance-Detection.pdf
• https://forum.reverse4you.org/t/topic/403/6
• https://docs.microsoft.com/en-us/windows/win32/dlls/using-thread-local-storage-in-a-dynamic-link-library